Rule: RDS DB Instances Should Have Deletion Protection Enabled

This rule ensures that RDS DB instances have deletion protection enabled to prevent accidental data loss.

Rule: RDS DB instances should have deletion protection enabled
Framework: FedRAMP Low Revision 4
Severity: Critical

Rule Description

RDS (Relational Database Service) DB instances should have deletion protection enabled in order to comply with the security standards of FedRAMP Low Revision 4. Deletion protection ensures that accidental or unauthorized deletion of DB instances is prevented, avoiding data loss or service disruption.

Troubleshooting Steps (if applicable)

If deletion protection is not enabled for RDS DB instances, you may encounter the following issues:

  1. Accidental or unauthorized deletion: Without deletion protection, there is a risk of unintentionally deleting DB instances, leading to permanent data loss.
  2. Service disruption: If a DB instance is deleted, it will result in service interruption until a new instance is provisioned, which can impact operations and availability.

Necessary Codes (if applicable)

To enable deletion protection for RDS DB instances, you can use the AWS Command Line Interface (CLI) or AWS SDK. The following code snippet demonstrates how to enable deletion protection using the AWS CLI:

aws rds modify-db-instance --db-instance-identifier <db-instance-id> --deletion-protection

Replace <db-instance-id> with the identifier of the RDS DB instance for which you want to enable deletion protection.
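
The command above changes one instance at a time. As an added example (not part of the original page and not AWS tooling), the script below lists every DB instance in a region, reports those without deletion protection, and with --fix applies the same modify-db-instance call to each. The function names and sample rows are constructed, and it assumes the AWS CLI prints the boolean as True/False in text output.

```shell
#!/bin/sh
# Added example: report RDS DB instances without deletion protection in one
# region and optionally enable it. Function names and sample rows are constructed.

# Constructed sample of the tab-separated rows that list_instances produces.
SAMPLE_ROWS=$(printf 'orders-db\tFalse\nusers-db\tTrue\nlegacy-db\tFalse')

# Print "identifier<TAB>True|False" for every DB instance in region $1.
list_instances() {
  aws rds describe-db-instances --region "$1" \
    --query 'DBInstances[].[DBInstanceIdentifier,DeletionProtection]' \
    --output text
}

# Keep only identifiers whose flag is anything other than "True".
# A missing or unexpected value counts as unprotected (fail closed).
unprotected() {
  awk -F'\t' 'NF && tolower($2) != "true" { print $1 }'
}

# Enable deletion protection for each identifier read from stdin.
remediate() {
  rc=0
  while IFS= read -r id; do
    if aws rds modify-db-instance --region "$1" \
         --db-instance-identifier "$id" --deletion-protection >/dev/null; then
      echo "enabled: $id"
    else
      echo "failed: $id" >&2; rc=1
    fi
  done
  return "$rc"
}

# Usage: script <region> [--fix]   or   script --demo (offline, sample rows)
main() {
  case "$1" in
    --demo) printf '%s\n' "$SAMPLE_ROWS" | unprotected ;;
    *)
      rows=$(list_instances "$1") || return 1   # stop if the API call fails
      ids=$(printf '%s\n' "$rows" | unprotected)
      [ -n "$ids" ] || { echo "all instances protected"; return 0; }
      if [ "${2:-}" = "--fix" ]; then printf '%s\n' "$ids" | remediate "$1"
      else printf '%s\n' "$ids"
      fi ;;
  esac
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it without --fix first to review the list of affected instances before changing anything.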

Step-by-Step Guide for Remediation

To enable deletion protection for an RDS DB instance and comply with FedRAMP Low Revision 4, follow these steps:

  1. Identify the RDS DB instance: Determine the identifier of the RDS DB instance that needs deletion protection enabled.

  2. Access AWS Management Console: Log in to the AWS Management Console using appropriate credentials.

  3. Navigate to RDS service: Go to the RDS service dashboard by selecting it from the list of available services.

  4. Select the RDS DB instance: Locate the desired DB instance in the RDS dashboard and select it.

  5. Enable deletion protection: In the instance details page, scroll down to the 'Settings' section and click on the 'Modify' button.

  6. Enable deletion protection option: In the modification settings, find the 'Deletion protection' option and check the box to enable it.

  7. Save the changes: Scroll down to the bottom of the modification settings and click on the 'Apply immediately' button to save the changes.

  8. Confirm modification completion: Wait for the modification to complete. The status of the DB instance should change to 'Modifying' during this process.

  9. Verify deletion protection: After the modification is completed, go to the RDS dashboard and confirm that the deletion protection status is now enabled for the DB instance.

By following these steps, you have successfully enabled deletion protection for the RDS DB instance, ensuring compliance with the FedRAMP Low Revision 4 requirements.
